[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Sep 16 09:10:26 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6af95ce2 by security tracker role at 2022-09-16T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,9 @@
+CVE-2022-3230
+ RESERVED
+CVE-2022-3229
+ RESERVED
+CVE-2022-3228
+ RESERVED
CVE-2022-40742
RESERVED
CVE-2022-40741
@@ -3419,12 +3425,12 @@ CVE-2022-39217
RESERVED
CVE-2022-39216
RESERVED
-CVE-2022-39215
- RESERVED
+CVE-2022-39215 (Tauri is a framework for building binaries for all major desktop platf ...)
+ TODO: check
CVE-2022-39214
RESERVED
-CVE-2022-39213
- RESERVED
+CVE-2022-39213 (go-cvss is a Go module to manipulate Common Vulnerability Scoring Syst ...)
+ TODO: check
CVE-2022-39212
RESERVED
CVE-2022-39211
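Review bot: CVE-2022-39215 (Tauri) and CVE-2022-39213 (go-cvss) are described as a framework and a Go module, so NOT-FOR-US should not be assumed from the truncated descriptions alone. Check the archive for a matching source package before choosing between a package line and NOT-FOR-US, and replace both "TODO: check" lines in the same pass.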
@@ -4464,8 +4470,8 @@ CVE-2022-38816
RESERVED
CVE-2022-38815
RESERVED
-CVE-2022-38814
- RESERVED
+CVE-2022-38814 (A stored cross-site scripting (XSS) vulnerability in the auth_settings ...)
+ TODO: check
CVE-2022-38813
RESERVED
CVE-2022-38812 (AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. ...)
@@ -4710,6 +4716,7 @@ CVE-2022-2999
RESERVED
CVE-2022-2998
RESERVED
+ {DSA-5212-1}
- chromium 104.0.5112.101-1
[buster] - chromium <end-of-life> (see DSA 5046)
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2300
@@ -6151,8 +6158,8 @@ CVE-2022-38336
RESERVED
CVE-2022-38335
RESERVED
-CVE-2022-38334
- RESERVED
+CVE-2022-38334 (XPDF v4.04 was discovered to contain a stack overflow via the function ...)
+ TODO: check
CVE-2022-38333
RESERVED
CVE-2022-38332
@@ -10635,16 +10642,16 @@ CVE-2022-36538
RESERVED
CVE-2022-36537 (ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows atta ...)
NOT-FOR-US: ZK Framework
-CVE-2022-36536
- RESERVED
+CVE-2022-36536 (An issue in the component post_applogin.php of Super Flexible Software ...)
+ TODO: check
CVE-2022-36535
RESERVED
-CVE-2022-36534
- RESERVED
-CVE-2022-36533
- RESERVED
-CVE-2022-36532
- RESERVED
+CVE-2022-36534 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x ...)
+ TODO: check
+CVE-2022-36533 (Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x ...)
+ TODO: check
+CVE-2022-36532 (Bolt CMS contains a vulnerability in version 5.1.12 and below that all ...)
+ TODO: check
CVE-2022-36531
RESERVED
CVE-2022-36530 (An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerabi ...)
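Review bot: CVE-2022-36534 and CVE-2022-36533 carry identical truncated descriptions ("Super Flexible Software GmbH ... Syncovery 9 for Linux v9.47x ..."), so the two cannot be told apart from this file, and CVE-2022-36536 names the same vendor. Triage the three against their full CVE records and give them one consistent disposition; CVE-2022-36532 (Bolt CMS) is unrelated and needs its own check.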
@@ -11967,10 +11974,10 @@ CVE-2022-36077
RESERVED
CVE-2022-36076 (NodeBB Forum Software is powered by Node.js and supports either Redis, ...)
NOT-FOR-US: NodeBB
-CVE-2022-36075
- RESERVED
-CVE-2022-36074
- RESERVED
+CVE-2022-36075 (Nextcloud files access control is a nextcloud app to manage access con ...)
+ TODO: check
+CVE-2022-36074 (Nextcloud server is an open source personal cloud product. Affected ve ...)
+ TODO: check
CVE-2022-36073 (RubyGems.org is the Ruby community gem host. A bug in password & e ...)
NOT-FOR-US: RubyGems.org is the Ruby community gem host
CVE-2022-36072 (SilverwareGames.io is a social network for users to play video games o ...)
@@ -13619,8 +13626,8 @@ CVE-2022-35417
RESERVED
CVE-2022-35416 (H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang co ...)
NOT-FOR-US: H3C SSL VPN
-CVE-2022-35415
- RESERVED
+CVE-2022-35415 (An improper input validation in NI System Configuration Manager before ...)
+ TODO: check
CVE-2022-35414 (** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an ...)
{DLA-3099-1}
- qemu 1:7.1+dfsg-1 (unimportant; bug #1014958)
@@ -15214,6 +15221,7 @@ CVE-2022-2257 (Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. ...
CVE-2022-2256 (A Stored Cross-site scripting (XSS) vulnerability was found in keycloa ...)
NOT-FOR-US: Keycloak
CVE-2022-2255 (A vulnerability was found in mod_wsgi. The X-Client-IP header is not r ...)
+ {DLA-3111-1}
- mod-wsgi 4.9.0-1.1 (bug #1016476)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2100563
NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/af3c0c2736bc0b0b01fa0f0aad3c904b7fa9c751 (4.9.3)
@@ -17429,8 +17437,8 @@ CVE-2022-34004
RESERVED
CVE-2022-34003
RESERVED
-CVE-2022-34002
- RESERVED
+CVE-2022-34002 (The ‘document’ parameter of PDS Vista 7’s /applicati ...)
+ TODO: check
CVE-2022-34001 (Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronousl ...)
NOT-FOR-US: Unit4
CVE-2022-34000 (libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init ...)
@@ -30937,8 +30945,8 @@ CVE-2022-29241 (Jupyter Server provides the backend (i.e. the core services, API
- jupyter-server 1.17.1-1 (bug #1013271)
[bullseye] - jupyter-server <no-dsa> (Minor issue)
NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-q874-g24w-4q9g
-CVE-2022-29240
- RESERVED
+CVE-2022-29240 (Scylla is a real-time big data database that is API-compatible with Ap ...)
+ TODO: check
CVE-2022-29239
RESERVED
CVE-2022-29238 (Jupyter Notebook is a web-based notebook environment for interactive c ...)
@@ -35839,8 +35847,8 @@ CVE-2022-27563 (An unauthenticated user can overload a part of HCL VersionVault
NOT-FOR-US: HCL
CVE-2022-27562
RESERVED
-CVE-2022-27561
- RESERVED
+CVE-2022-27561 (There is a reflected Cross-Site Scripting vulnerability in the HCL Tra ...)
+ TODO: check
CVE-2022-27560 (HCL VersionVault Express exposes administrator credentials. ...)
NOT-FOR-US: HCL
CVE-2022-27559
@@ -37643,8 +37651,8 @@ CVE-2022-26961
RESERVED
CVE-2022-26960 (connector.minimal.php in std42 elFinder through 2.1.60 is affected by ...)
NOT-FOR-US: std42 elFinder
-CVE-2022-26959
- RESERVED
+CVE-2022-26959 (There are two full (read/write) Blind/Time-based SQL injection vulnera ...)
+ TODO: check
CVE-2022-26958
RESERVED
CVE-2022-26957
@@ -41074,12 +41082,12 @@ CVE-2022-25710
RESERVED
CVE-2022-25709
RESERVED
-CVE-2022-25708
- RESERVED
+CVE-2022-25708 (Memory corruption in WLAN due to buffer copy without checking size of ...)
+ TODO: check
CVE-2022-25707
RESERVED
-CVE-2022-25706
- RESERVED
+CVE-2022-25706 (Information disclosure in Bluetooth driver due to buffer over-read whi ...)
+ TODO: check
CVE-2022-25705
RESERVED
CVE-2022-25704
@@ -41098,28 +41106,28 @@ CVE-2022-25698
RESERVED
CVE-2022-25697
RESERVED
-CVE-2022-25696
- RESERVED
+CVE-2022-25696 (Memory corruption in display due to time-of-check time-of-use race con ...)
+ TODO: check
CVE-2022-25695
RESERVED
CVE-2022-25694
RESERVED
-CVE-2022-25693
- RESERVED
+CVE-2022-25693 (Memory corruption in graphics due to use-after-free while graphics pro ...)
+ TODO: check
CVE-2022-25692
RESERVED
CVE-2022-25691
RESERVED
-CVE-2022-25690
- RESERVED
+CVE-2022-25690 (Information disclosure in WLAN due to improper validation of array ind ...)
+ TODO: check
CVE-2022-25689
RESERVED
-CVE-2022-25688
- RESERVED
+CVE-2022-25688 (Memory corruption in video due to buffer overflow while parsing ps vid ...)
+ TODO: check
CVE-2022-25687
RESERVED
-CVE-2022-25686
- RESERVED
+CVE-2022-25686 (Memory corruption in video module due to buffer overflow while process ...)
+ TODO: check
CVE-2022-25685
RESERVED
CVE-2022-25684
@@ -41150,10 +41158,10 @@ CVE-2022-25672
RESERVED
CVE-2022-25671
RESERVED
-CVE-2022-25670
- RESERVED
-CVE-2022-25669
- RESERVED
+CVE-2022-25670 (Denial of service in WLAN HOST due to buffer over read while unpacking ...)
+ TODO: check
+CVE-2022-25669 (Denial of service in video due to buffer over read while parsing MP4 c ...)
+ TODO: check
CVE-2022-25668 (Memory corruption in video driver due to double free while parsing ASF ...)
NOT-FOR-US: Snapdragon
CVE-2022-25667
@@ -41178,16 +41186,16 @@ CVE-2022-25658 (Memory corruption due to incorrect pointer arithmetic when attem
NOT-FOR-US: Qualcomm
CVE-2022-25657 (Memory corruption due to buffer overflow occurs while processing inval ...)
NOT-FOR-US: Qualcomm
-CVE-2022-25656
- RESERVED
+CVE-2022-25656 (Possible integer overflow and memory corruption due to improper valida ...)
+ TODO: check
CVE-2022-25655
RESERVED
-CVE-2022-25654
- RESERVED
-CVE-2022-25653
- RESERVED
-CVE-2022-25652
- RESERVED
+CVE-2022-25654 (Memory corruption in kernel due to improper input validation while pro ...)
+ TODO: check
+CVE-2022-25653 (Information disclosure in video due to buffer over-read while processi ...)
+ TODO: check
+CVE-2022-25652 (Cryptographic issues in BSP due to improper hash verification in Snapd ...)
+ TODO: check
CVE-2022-25651 (Memory corruption in bluetooth host due to integer overflow while proc ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2022-25650 (A vulnerability has been identified in Mendix Applications using Mendi ...)
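Review bot: the labels on the neighbouring entries in this hunk are inconsistent, "NOT-FOR-US: Qualcomm" on CVE-2022-25658 and CVE-2022-25657 versus "NOT-FOR-US: Qualcomm components for Android" on CVE-2022-25651, and the preceding hunk uses "NOT-FOR-US: Snapdragon" on CVE-2022-25668. If CVE-2022-25656, CVE-2022-25654, CVE-2022-25653 and CVE-2022-25652 turn out to belong to the same vendor, settle on one label when resolving their "TODO: check" lines so the entries can be found with a single search.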
@@ -55264,8 +55272,8 @@ CVE-2022-22107 (In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to
NOT-FOR-US: DayByDay CRM
CVE-2022-22106 (Memory corruption in multimedia due to improper length check while cop ...)
NOT-FOR-US: Snapdragon
-CVE-2022-22105
- RESERVED
+CVE-2022-22105 (Memory corruption in bluetooth due to integer overflow while processin ...)
+ TODO: check
CVE-2022-22104 (Memory corruption in multimedia due to improper check on the messages ...)
NOT-FOR-US: Snapdragon
CVE-2022-22103 (Memory corruption in multimedia driver due to double free while proces ...)
@@ -55284,20 +55292,20 @@ CVE-2022-22097 (Memory corruption in graphic driver due to use after free while
NOT-FOR-US: Snapdragon
CVE-2022-22096 (Memory corruption in Bluetooth HOST due to stack-based buffer overflow ...)
NOT-FOR-US: Qualcomm
-CVE-2022-22095
- RESERVED
-CVE-2022-22094
- RESERVED
-CVE-2022-22093
- RESERVED
-CVE-2022-22092
- RESERVED
-CVE-2022-22091
- RESERVED
+CVE-2022-22095 (Memory corruption in synx driver due to use-after-free condition in th ...)
+ TODO: check
+CVE-2022-22094 (memory corruption in Kernel due to race condition while getting mappin ...)
+ TODO: check
+CVE-2022-22093 (Memory corruption or temporary denial of service due to improper handl ...)
+ TODO: check
+CVE-2022-22092 (Memory corruption in kernel due to use after free issue in Snapdragon ...)
+ TODO: check
+CVE-2022-22091 (Improper authorization of a replayed LTE security mode command can lea ...)
+ TODO: check
CVE-2022-22090 (Memory corruption in audio due to use after free while managing buffer ...)
NOT-FOR-US: Snapdragon
-CVE-2022-22089
- RESERVED
+CVE-2022-22089 (Memory corruption in audio while playing record due to improper list h ...)
+ TODO: check
CVE-2022-22088
RESERVED
CVE-2022-22087 (memory corruption in video due to buffer overflow while parsing mkv cl ...)
@@ -55312,8 +55320,8 @@ CVE-2022-22083 (Denial of service due to memory corruption while extracting ape
NOT-FOR-US: Snapdragon
CVE-2022-22082 (Memory corruption due to possible buffer overflow while parsing DSF he ...)
NOT-FOR-US: Snapdragon
-CVE-2022-22081
- RESERVED
+CVE-2022-22081 (Memory corruption in audio module due to integer overflow in Snapdrago ...)
+ TODO: check
CVE-2022-22080 (Improper validation of backend id in PCM routing process can lead to m ...)
NOT-FOR-US: Snapdragon
CVE-2022-22079
@@ -55326,8 +55334,8 @@ CVE-2022-22076
RESERVED
CVE-2022-22075
RESERVED
-CVE-2022-22074
- RESERVED
+CVE-2022-22074 (Memory Corruption during wma file playback due to integer overflow in ...)
+ TODO: check
CVE-2022-22073
RESERVED
CVE-2022-22072 (Buffer overflow can occur due to improper validation of NDP applicatio ...)
@@ -55342,8 +55350,8 @@ CVE-2022-22068 (kernel event may contain unexpected content which is not generat
NOT-FOR-US: Snapdragon
CVE-2022-22067 (Potential memory leak in modem during the processing of NSA RRC Reconf ...)
NOT-FOR-US: Snapdragon
-CVE-2022-22066
- RESERVED
+CVE-2022-22066 (Memory corruption occurs while processing command received from HLOS d ...)
+ TODO: check
CVE-2022-22065 (Out of bound read in WLAN HOST due to improper length check can lead t ...)
NOT-FOR-US: Snapdragon
CVE-2022-22064 (Possible buffer over read due to lack of size validation while unpacki ...)
@@ -126022,18 +126030,22 @@ CVE-2020-35534 (In LibRaw, there is a memory corruption vulnerability within the
NOTE: https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8 (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/279
CVE-2020-35533 (In LibRaw, an out-of-bounds read vulnerability exists within the "LibR ...)
+ {DLA-3113-1}
- libraw 0.20.0-4
NOTE: https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/273
CVE-2020-35532 (In LibRaw, an out-of-bounds read vulnerability exists within the "simp ...)
+ {DLA-3113-1}
- libraw 0.20.0-4
NOTE: https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/271
CVE-2020-35531 (In LibRaw, an out-of-bounds read vulnerability exists within the get_h ...)
+ {DLA-3113-1}
- libraw 0.20.0-4
NOTE: https://github.com/LibRaw/LibRaw/commit/d75af00681a74dcc8b929207eb895611a6eceb68 (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/270
CVE-2020-35530 (In LibRaw, there is an out-of-bounds write vulnerability within the "n ...)
+ {DLA-3113-1}
- libraw 0.20.0-4
NOTE: https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/272
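Review bot: {DLA-3113-1} is added to CVE-2020-35533 through CVE-2020-35530, but the hunk does not show whether CVE-2020-35534, whose NOTE lines open this hunk and point to a commit in the same 0.20-RC2 series, is covered by the same advisory. Confirm that it is either already tagged above the visible context or intentionally left out of DLA-3113-1.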
@@ -147422,28 +147434,28 @@ CVE-2020-23562 (IrfanView 4.54 allows a user-mode write access violation startin
NOT-FOR-US: Irfanview
CVE-2020-23561 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
NOT-FOR-US: Irfanview
-CVE-2020-23560
- RESERVED
-CVE-2020-23559
- RESERVED
-CVE-2020-23558
- RESERVED
-CVE-2020-23557
- RESERVED
-CVE-2020-23556
- RESERVED
-CVE-2020-23555
- RESERVED
-CVE-2020-23554
- RESERVED
-CVE-2020-23553
- RESERVED
-CVE-2020-23552
- RESERVED
-CVE-2020-23551
- RESERVED
-CVE-2020-23550
- RESERVED
+CVE-2020-23560 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23559 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23558 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23557 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23556 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23555 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23554 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23553 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23552 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23551 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
+CVE-2020-23550 (IrfanView 4.54 allows a user-mode write access violation starting at F ...)
+ TODO: check
CVE-2020-23549 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...)
NOT-FOR-US: IrfanView
CVE-2020-23548
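Review bot: the eleven entries CVE-2020-23560 through CVE-2020-23550 all receive the same truncated description, and the existing neighbours spell the label two ways, "NOT-FOR-US: Irfanview" on CVE-2020-23562 and CVE-2020-23561 versus "NOT-FOR-US: IrfanView" on CVE-2020-23549. When the "TODO: check" lines are resolved, use the "IrfanView" spelling from the descriptions for the whole block.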
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6af95ce2a11943aec3112c27829121a4f2119c72